How can I fix this?

Carefully follow this guide.

When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

@wildbug

Are you sure the content is *actually* in the post itself ?
Oftentimes, it is a script that injects the malicious code into the post to only display in the browser.

A hacked site like this is not fun to deal with. It is very tedious, and often fruitless. Depending on the size of the site, I have chosen to completely rebuild the site instead of trying to clean it.

You can use an online service like https://imgur.com/ to post links to screenshots.

It seems the link was put into individual posts… I deleted them directly from the post itself; it’s not a code in the single.php document. That’s what made me think that the “Options My Links” is the culprit. I just need to find the code for that and delete it.

To the Moderator:
I did several of the site scans you gave me links for and they all came up clear. Not sure you are understanding what I am saying. Someone somehow inserted something in the Settings area so they can come on my site at any time and insert links into selected posts. I would love to know where to find the items that fall under the “Settings” tab in the server. Then I can find the one they installed and remove it. Can you help?

Well I figured this out on my own. The file was called cpt-links and I found it under Plugins on my server. The code was half in Greek language. I deleted it and will now install some more security on my site. Thanks for your help!

This is resolved now.

@wildbug

Before you do this, understand it is often a needle in a haystack.
– if you had a backup, I would load that first and see if it is infected or not
– download your /wp-content folder and search within files for this string :
eval(base64_decode())
and remove it all.
– make sure all your plugins, themes and core are updated to newest version
– check the Admin users and Roles under Users

> I would love to know where to find the items that fall under the “Settings” tab in the server

This is not stored on the server, it is stored in the database.
You can run a search on your database using this tool :
https://interconnectit.com/products/search-and-replace-for-wordpress-databases/

This file was uploaded to my site over a year ago so I am not going to install a backup from that time. There is no other problem except for pharmaceutical links being posted on random posts. It doesn’t happen a lot. I’ve scanned my site using multiple sites provided by the Moderator. My site comes up clear — wouldn’t they find this string of code? eval(base64_decode()) I regularly update all my themes and plugins, everything is up to date. I deleted all users except for me. I now installed a two factor authentication plugin.